Answers can be found at http://mdsec.net/wahh.
- What is forced browsing, and what kinds of vulnerabilities can it be used to identify?
- An application applies various global filters on user input, designed to prevent different categories of attack. To defend against SQL injection, it doubles up any single quotation marks that appear in user input. To prevent buffer overflow attacks against some native code components, it truncates any overlong items to a reasonable limit.
What might go wrong with these filters?
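The following is an added example, not text or code from the book or from mdsec.net. It models the two global filters the question describes (quote doubling and truncation) and shows how their relative ordering matters. The 20-character limit, the login query template, and the `outside_literals` helper are assumptions made for illustration only.

```python
# Added example (not from the original page): the two global filters from the
# question, composed in both possible orders, applied to a constructed login query.
# Assumed for illustration: LIMIT = 20 and the query template below.

LIMIT = 20  # assumed size limit used by the "overlong item" filter


def double_quotes(value: str) -> str:
    """SQL injection filter from the question: double every single quote."""
    return value.replace("'", "''")


def truncate(value: str, limit: int = LIMIT) -> str:
    """Buffer overflow filter from the question: cut overlong items to the limit."""
    return value[:limit]


def escape_then_truncate(value: str) -> str:
    """Ordering A: escape quotes first, then enforce the length limit."""
    return truncate(double_quotes(value))


def truncate_then_escape(value: str) -> str:
    """Ordering B: enforce the length limit first, then escape quotes."""
    return double_quotes(truncate(value))


def outside_literals(sql: str) -> str:
    """Return the characters of `sql` that lie outside single-quoted string
    literals. A doubled quote ('') inside a literal is an escaped quote, as in
    standard SQL, so it does not end the literal. This is a deliberately small
    tokenizer for the demonstration, not a general SQL parser."""
    out = []
    i, in_literal = 0, False
    while i < len(sql):
        c = sql[i]
        if in_literal:
            if c == "'":
                if i + 1 < len(sql) and sql[i + 1] == "'":
                    i += 2  # escaped quote: stay inside the literal
                    continue
                in_literal = False
        elif c == "'":
            in_literal = True
        else:
            out.append(c)
        i += 1
    return "".join(out)


def build_login_query(username: str, password: str, filt) -> str:
    """Assumed query template; each field passes through the chosen filter."""
    return (
        "SELECT * FROM users WHERE username='"
        + filt(username)
        + "' AND password='"
        + filt(password)
        + "'"
    )


def injection_reaches_sql(username: str, password: str, filt) -> bool:
    """True if the attacker's 'OR 1=1' ends up outside any string literal,
    i.e. is interpreted as SQL rather than as data."""
    return "OR 1=1" in outside_literals(build_login_query(username, password, filt))


# Constructed inputs: the quote is placed at the last position the limit allows,
# so doubling it pushes the second quote past the limit where truncation drops it.
USERNAME = "a" * (LIMIT - 1) + "'"
PASSWORD = " OR 1=1--"  # contains no quote, so neither filter alters it


if __name__ == "__main__":
    for name, filt in (("escape, then truncate", escape_then_truncate),
                       ("truncate, then escape", truncate_then_escape)):
        q = build_login_query(USERNAME, PASSWORD, filt)
        print(f"{name}: {q}")
        print(f"  injection reaches SQL: {injection_reaches_sql(USERNAME, PASSWORD, filt)}")
        print(f"  filtered username length: {len(filt(USERNAME))} (limit {LIMIT})")
```

With escaping applied before truncation, the truncated username ends in a lone quote, which pairs with the quote that closes the username literal in the template; the opening quote of the password literal then terminates the string, and the password field is parsed as SQL. Reversing the order closes that hole but lets the escaped value exceed the limit, defeating the second filter's purpose. The practical lesson is that neither ordering of the two filters is safe on its own: the length check must be applied after every transformation that can grow the input, and quote doubling is no substitute for parameterized queries.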
- What steps could you take to probe a login function for fail-open conditions? (Describe as many different tests as you can think of.)
- A banking application implements a multistage login mechanism that is intended to be highly robust. At the first stage, the user enters a username and password. At the second stage, the user enters the changing value on a physical token she possesses, and the original username is resubmitted in a hidden form field.
What logic flaw should you immediately check for?
- You are probing an application for common categories of vulnerability by submitting crafted input. Frequently, the application returns verbose error messages containing debugging information. Occasionally, these messages relate to errors generated by other users. When this happens, you are unable to reproduce the behavior a second time. What logic flaw might this indicate, and how should you proceed?